Super cookies explained: What they are and how to protect your privacy

Internet cookies are not necessarily bad because they can improve your online experience. A cookie contains a small text file that has information about you. This information could be the last time you visited the website, your login details, or what you left in your digital shopping cart. The next time you visit the same website from which the cookie was generated, that website will immediately be able to use the information you previously provided.

However, cookies can also be used to learn your interests and target you for advertising purposes. You may not like them collecting information about you if you want to keep your online activity to yourself. It’s important to note that due to the GDPR and many US state and federal laws, most websites must notify you that they use cookies. They need your consent to do so. It’s your choice whether you choose to use them or not.

Some cookies can crawl and track you as you visit websites, identifying your behavior patterns. So what do super cookies do?

Super cookies can be found in several forms, each with its own unique purpose. They can infiltrate networks and function as unique identifier headers (UIDHs). UIDHs serve as identifiers that set apart your network connection from another user’s. Websites can secretly track user behavior using these IDs. What’s more, super cookies are more challenging for users to recognize and eliminate than regular cookies.

Super cookie categories

Because super cookies are more persistent than regular cookies, you must understand them. Knowledge of super cookies can help you mitigate the potential security risks and protect your personal info. Let’s go through different types of super cookies:

• HTTP cookies. Browsers use HTTP cookies to store user preferences, login status, and session information. While HTTP cookies are not “super,” they can be used in advanced tracking mechanisms when combined with other cookies.
• Flash cookies. Flash cookies are small data files that Adobe Flash Player uses to monitor users’ online activity. They have a large storage capacity and work by customizing user experience. Flash cookies keep track of sensitive information and browsing history. So hackers may exploit the data records in flash cookies to carry out data breaches.
• Zombie cookies. Zombie cookies, also known as persistent cookies or evercookies, are a type of HTTP cookie that can recreate itself after deletion.
• HSTS super cookies. HSTS super cookies are designed to protect websites against man-in-the-middle attacks. However, they might store browser flags that hackers can use to identify you and be difficult to remove.

Super cookies usually don’t use local storage like regular cookies do. Instead, they are injected at the network level as unique identifier headers (UIDH) by your internet service provider (ISP). You may not know about their existence because the ISP may use them secretly. They can independently identify tracking headers and use the data to serve targeted web ads.

Some super cookies can restore the data from your deleted cookies and link the data with new ones. They can access your login credentials, image and file caches, and plug-in data. The worst part is that ad blockers can’t block them, and you can’t clear them by deleting your browser history and cache data. However, you can refuse them if your ISP allows you to and prevents third parties from monitoring your online activity.

ISPs can inject super cookies to improve advertising revenue and share your data with other companies. Internet users have no control over this threat to their privacy. Super cookies could lead to the leaking of private data, government surveillance, and exploits by cybercriminals. Some of the main threats that come with super cookies include:

• Profiling. Super cookies collect data about users’ online activity, preferences, and behavior, potentially disclosing shopping habits, political affiliations, or health-related data. It may allow advertisers to create detailed user profiles without their knowledge and target users with ads.
• Cross-site tracking. Super cookies can track users’ online activity across multiple websites. Cross-site tracking allows advertisers to monitor users’ browsing more broadly.
• Invasive advertising. Advertisers use data collected by super cookies to deliver personalized and intrusive ads, which can violate privacy and even be manipulative.
• Security risks. Super cookies that contain personal information may become a target to hackers. Hackers can create a user’s profile based on the data stored by super cookies. The persistent nature of super cookies can also be a security risk, bypassing user consent.

Super cookies are mysterious yet powerful creatures – detecting and deleting them is nearly impossible. The traditional cookie clean-up won’t make them go away, nor will setting “Do not track: in your browser or browsing in private mode. However, you can take some countermeasures to protect your personal information:

• Use a reliable browser. Use a reliable browser that prioritizes privacy and offers advanced protection against trackers. Trustworthy browsers have built-in privacy solutions that help manage super cookies tracking.
• Clear your cookies. Delete third party cookies from your browser to mitigate potential super cookie damage. Although it may not eliminate all super cookies, it is a good cyber hygiene practice for managing regular cookies.
• Use privacy extensions. Most reliable browsers provide security extensions to limit tracking cookies.
• Disable Flash Player. Flash cookies play an essential role in monitoring users’ online behavior. So disabling Adobe Flash Player can prevent Flash cookies from accessing your device.
• Use a VPN. Choose a reliable VPN to encrypt your IP address and browsing traffic. It will make it harder for super cookies to track you across different sites. A VPN will not directly protect you from cookies but will add an extra layer of security to your online activity.
• Keep your browser up to date. Update your browser regularly to get the best of the latest security patches and enhancements.